aeris
/
cryptcheck
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
125 Revize
2 Větve
Strom: c75601dad4
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „c75601dad4“
${ noResults }
cryptcheck/lib/cryptcheck/tls/engine.rb

engine.rb 14KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476 
  1. require 'socket'

  2. require 'openssl'

  3. 

  4. module CryptCheck

  5. 	module Tls

  6. 		module Engine

  7. 			TCP_TIMEOUT = 10

  8. 			TLS_TIMEOUT = 2*TCP_TIMEOUT

  9. 

  10. 			class TLSException < ::StandardError

  11. 			end

  12. 			class TLSNotAvailableException < TLSException

  13. 				def to_s

  14. 					'TLS seems not supported on this server'

  15. 				end

  16. 			end

  17. 			class MethodNotAvailable < TLSException

  18. 			end

  19. 			class CipherNotAvailable < TLSException

  20. 			end

  21. 			class InappropriateFallback < TLSException

  22. 			end

  23. 			class Timeout < ::StandardError

  24. 				def initialize(ip, port)

  25. 					@message = "Timeout when connecting to #{ip}:#{port} (max #{TCP_TIMEOUT.humanize})"

  26. 				end

  27. 

  28. 				def to_s

  29. 					@message

  30. 				end

  31. 			end

  32. 			class TLSTimeout < Timeout

  33. 				def initialize(ip, port)

  34. 					@message = "Timeout when TLS connecting to #{ip}:#{port} (max #{TLS_TIMEOUT.humanize})"

  35. 				end

  36. 			end

  37. 			class ConnectionError < ::StandardError

  38. 			end

  39. 

  40. 			attr_reader :hostname, :ip, :family, :port, :certs, :keys, :dh,

  41. 						:supported_methods, :supported_ciphers,

  42. 						:supported_curves, :curves_preference

  43. 

  44. 			def initialize(hostname, ip, family, port)

  45. 				@hostname, @ip, @family, @port = hostname, ip, family, port

  46. 				@dh                            = []

  47. 

  48. 				@name = "#@ip:#@port"

  49. 				@name += " [#@hostname]" if @hostname

  50. 

  51. 				Logger.info { @name.colorize :blue }

  52. 

  53. 				fetch_supported_methods

  54. 				fetch_supported_ciphers

  55. 				fetch_dh

  56. 				fetch_ciphers_preferences

  57. 				fetch_ecdsa_certs

  58. 				fetch_supported_curves

  59. 				fetch_curves_preference

  60. 

  61. 				check_fallback_scsv

  62. 

  63. 				verify_certs

  64. 			end

  65. 

  66. 			def supported_method?(method)

  67. 				ssl_client method

  68. 				Logger.info { "  Method #{method}" }

  69. 				true

  70. 			rescue TLSException

  71. 				Logger.debug { "  Method #{method} : not supported" }

  72. 				false

  73. 			end

  74. 

  75. 			def fetch_supported_methods

  76. 				Logger.info { '' }

  77. 				Logger.info { 'Supported methods' }

  78. 				@supported_methods = Method.select { |m| supported_method? m }

  79. 				raise TLSNotAvailableException if @supported_methods.empty?

  80. 			end

  81. 

  82. 			def supported_cipher?(method, cipher)

  83. 				connection = ssl_client method, cipher

  84. 				Logger.info { "  Cipher #{cipher}" }

  85. 				dh = connection.tmp_key

  86. 				if dh

  87. 					Logger.info { "    PFS : #{dh}" }

  88. 				end

  89. 				connection

  90. 			rescue TLSException

  91. 				Logger.debug { "  Cipher #{cipher} : not supported" }

  92. 				nil

  93. 			end

  94. 

  95. 			def fetch_supported_ciphers

  96. 				Logger.info { '' }

  97. 				Logger.info { 'Supported ciphers' }

  98. 				@supported_ciphers = @supported_methods.collect do |method|

  99. 					ciphers = Cipher[method].collect do |cipher|

  100. 						connection = supported_cipher? method, cipher

  101. 						next nil unless connection

  102. 						[cipher, connection]

  103. 					end.compact.to_h

  104. 					[method, ciphers]

  105. 				end.to_h

  106. 			end

  107. 

  108. 			def fetch_ciphers_preferences

  109. 				Logger.info { '' }

  110. 				Logger.info { 'Cipher suite preferences' }

  111. 

  112. 				@preferences = @supported_ciphers.collect do |method, ciphers|

  113. 					ciphers     = ciphers.keys

  114. 					preferences = if ciphers.size < 2

  115. 									  Logger.info { "  #{method}  : " + 'not applicable'.colorize(:unknown) }

  116. 									  nil

  117. 								  else

  118. 									  a, b, _ = ciphers

  119. 									  ab      = ssl_client(method, [a, b]).cipher.first

  120. 									  ba      = ssl_client(method, [b, a]).cipher.first

  121. 									  if ab != ba

  122. 										  Logger.info { "  #{method} : " + 'client preference'.colorize(:warning) }

  123. 										  :client

  124. 									  else

  125. 										  sort        = -> (a, b) do

  126. 											  connection = ssl_client method, [a, b]

  127. 											  cipher     = connection.cipher.first

  128. 											  cipher == a.name ? -1 : 1

  129. 										  end

  130. 										  preferences = ciphers.sort &sort

  131. 										  Logger.info { "  #{method}  : " + preferences.collect { |c| c.to_s :short }.join(', ') }

  132. 										  preferences

  133. 									  end

  134. 								  end

  135. 					[method, preferences]

  136. 				end.to_h

  137. 			end

  138. 

  139. 			def fetch_dh

  140. 				@dh = @supported_ciphers.collect do |_, ciphers|

  141. 					ciphers.values.collect(&:tmp_key).select { |d| d.is_a? OpenSSL::PKey::DH }

  142. 				end.flatten

  143. 			end

  144. 

  145. 			def fetch_ecdsa_certs

  146. 				@ecdsa_certs = {}

  147. 

  148. 				@supported_ciphers.each do |method, ciphers|

  149. 					ecdsa = ciphers.keys.detect &:ecdsa?

  150. 					next unless ecdsa

  151. 

  152. 					@ecdsa_certs = Curve.collect do |curve|

  153. 						begin

  154. 							connection = ssl_client method, ecdsa, curves: curve

  155. 							[curve, connection]

  156. 						rescue TLSException

  157. 							nil

  158. 						end

  159. 					end.compact.to_h

  160. 

  161. 					break

  162. 				end

  163. 			end

  164. 

  165. 			def fetch_supported_curves

  166. 				Logger.info { '' }

  167. 				Logger.info { 'Supported elliptic curves' }

  168. 				@supported_curves = []

  169. 

  170. 				ecdsa_curve = @ecdsa_certs.keys.first

  171. 				if ecdsa_curve

  172. 					# If we have an ECDSA cipher, we need at least the certificate curve to do handshake,

  173. 					# but with lowest priority to check for ECHDE and not just ECDSA

  174. 

  175. 					@supported_ciphers.each do |method, ciphers|

  176. 						ecdsa = ciphers.keys.detect &:ecdsa?

  177. 						next unless ecdsa

  178. 						@supported_curves = Curve.select do |curve|

  179. 							next true if curve == ecdsa_curve # ECDSA curve is always supported

  180. 							begin

  181. 								connection       = ssl_client method, ecdsa, curves: [curve, ecdsa_curve]

  182. 								# Not too fast !!!

  183. 								# Handshake will **always** succeed, because ECDSA

  184. 								# curve is always supported.

  185. 								# So, we need to test for the real curve!

  186. 								# Treaky case : if server preference is enforced,

  187. 								# ECDSA curve can be prefered over ECDHE one and so

  188. 								# really supported curve can be detected as not supported :(

  189. 

  190. 								dh               = connection.tmp_key

  191. 								negociated_curve = dh.curve

  192. 								supported        = ecdsa_curve != negociated_curve

  193. 								if supported

  194. 									Logger.info { "  ECC curve #{curve.name}" }

  195. 								else

  196. 									Logger.debug { "  ECC curve #{curve.name} : not supported" }

  197. 								end

  198. 								supported

  199. 							rescue TLSException

  200. 								false

  201. 							end

  202. 						end

  203. 						break

  204. 					end

  205. 				else

  206. 					# If we have no ECDSA ciphers, ECC supported are only ECDH ones

  207. 					# So peak an ECDH cipher and test all curves

  208. 					@supported_ciphers.each do |method, ciphers|

  209. 						ecdh = ciphers.keys.detect { |c| c.ecdh? or c.ecdhe? }

  210. 						next unless ecdh

  211. 						@supported_curves = Curve.select do |curve|

  212. 							begin

  213. 								ssl_client method, ecdh, curves: curve

  214. 								Logger.info { "  ECC curve #{curve.name}" }

  215. 								true

  216. 							rescue TLSException

  217. 								Logger.debug { "  ECC curve #{curve.name} : not supported" }

  218. 								false

  219. 							end

  220. 						end

  221. 						break

  222. 					end

  223. 				end

  224. 			end

  225. 

  226. 			def fetch_curves_preference

  227. 				@curves_preference = if @supported_curves.size < 2

  228. 										 Logger.info { 'Curves preference : ' + 'not applicable'.colorize(:unknown) }

  229. 										 nil

  230. 									 else

  231. 										 method, cipher = @supported_ciphers.collect do |method, ciphers|

  232. 											 cipher = ciphers.keys.detect { |c| c.ecdh? or c.ecdhe? }

  233. 											 [method, cipher]

  234. 										 end.detect { |n| !n.nil? }

  235. 

  236. 										 a, b, _ = @supported_curves

  237. 										 ab, ba  = [a, b], [b, a]

  238. 										 if cipher.ecdsa?

  239. 											 # In case of ECDSA, add the cert key at the end

  240. 											 # Or no negociation possible

  241. 											 ecdsa_curve = @ecdsa_certs.keys.first

  242. 											 ab << ecdsa_curve

  243. 											 ba << ecdsa_curve

  244. 										 end

  245. 										 ab = ssl_client(method, cipher, curves: ab).tmp_key.curve

  246. 										 ba = ssl_client(method, cipher, curves: ba).tmp_key.curve

  247. 										 if ab != ba

  248. 											 Logger.info { 'Curves preference : ' + 'client preference'.colorize(:warning) }

  249. 											 :client

  250. 										 else

  251. 											 sort        = -> (a, b) do

  252. 												 curves = [a, b]

  253. 												 if cipher.ecdsa?

  254. 													 # In case of ECDSA, add the cert key at the end

  255. 													 # Or no negociation possible

  256. 													 curves << ecdsa_curve

  257. 												 end

  258. 												 connection = ssl_client method, cipher, curves: curves

  259. 												 curve      = connection.tmp_key.curve

  260. 												 a == curve ? -1 : 1

  261. 											 end

  262. 											 preferences = @supported_curves.sort &sort

  263. 											 Logger.info { 'Curves preference : ' + preferences.collect { |c| c.name }.join(', ') }

  264. 											 preferences

  265. 										 end

  266. 									 end

  267. 			end

  268. 

  269. 			def check_fallback_scsv

  270. 				Logger.info { '' }

  271. 

  272. 				@fallback_scsv = false

  273. 				if @supported_methods.size > 1

  274. 					# We will try to connect to the not better supported method

  275. 					method = @supported_methods[1]

  276. 

  277. 					begin

  278. 						ssl_client method, fallback: true

  279. 					rescue InappropriateFallback

  280. 						@fallback_scsv = true

  281. 					end

  282. 				else

  283. 					@fallback_scsv = nil

  284. 				end

  285. 

  286. 				text, color = case @fallback_scsv

  287. 								  when true

  288. 									  ['supported', :good]

  289. 								  when false

  290. 									  ['not supported', :error]

  291. 								  when nil

  292. 									  ['not applicable', :unknown]

  293. 							  end

  294. 				Logger.info { 'Fallback SCSV : ' + text.colorize(color) }

  295. 			end

  296. 

  297. 			Method.each do |method|

  298. 				class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1

  299. 					def #{method.to_sym.downcase}?

  300. 						@supported_methods.detect { |m| m == :#{method.to_sym} }

  301. 					end

  302. 				RUBY_EVAL

  303. 			end

  304. 

  305. 			Cipher::TYPES.each do |type, _|

  306. 				class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1

  307. 					def #{type}?

  308. 						uniq_supported_ciphers.any? { |c| c.#{type}? }

  309. 					end

  310. 				RUBY_EVAL

  311. 			end

  312. 

  313. 			private

  314. 			def connect(&block)

  315. 				socket   = ::Socket.new @family, sock_type

  316. 				sockaddr = ::Socket.sockaddr_in @port, @ip

  317. 				#Logger.trace { "Connecting to #{@ip}:#{@port}" }

  318. 				begin

  319. 					status = socket.connect_nonblock sockaddr

  320. 					#Logger.trace { "Connecting to #{@ip}:#{@port} status : #{status}" }

  321. 					raise ConnectionError, status unless status == 0

  322. 					#Logger.trace { "Connected to #{@ip}:#{@port}" }

  323. 					block_given? ? block.call(socket) : nil

  324. 				rescue ::IO::WaitReadable

  325. 					#Logger.trace { "Waiting for read to #{@ip}:#{@port}" }

  326. 					raise Timeout.new(@ip, @port) unless IO.select [socket], nil, nil, TCP_TIMEOUT

  327. 					retry

  328. 				rescue ::IO::WaitWritable

  329. 					#Logger.trace { "Waiting for write to #{@ip}:#{@port}" }

  330. 					raise Timeout.new(@ip, @port) unless IO.select nil, [socket], nil, TCP_TIMEOUT

  331. 					retry

  332. 				rescue Errno::ECONNREFUSED => e

  333. 					raise ConnectionError, e

  334. 				ensure

  335. 					socket.close

  336. 				end

  337. 			end

  338. 

  339. 			def ssl_connect(socket, context, method, &block)

  340. 				ssl_socket          = ::OpenSSL::SSL::SSLSocket.new socket, context

  341. 				ssl_socket.hostname = @hostname if @hostname and method != :SSLv2

  342. 				#Logger.trace { "SSL connecting to #{name}" }

  343. 				begin

  344. 					ssl_socket.connect_nonblock

  345. 					#Logger.trace { "SSL connected to #{name}" }

  346. 					return block_given? ? block.call(ssl_socket) : nil

  347. 				rescue ::OpenSSL::SSL::SSLErrorWaitReadable

  348. 					#Logger.trace { "Waiting for SSL read to #{name}" }

  349. 					raise TLSTimeout.new(@ip, @port) unless IO.select [ssl_socket], nil, nil, TLS_TIMEOUT

  350. 					retry

  351. 				rescue ::OpenSSL::SSL::SSLErrorWaitWritable

  352. 					#Logger.trace { "Waiting for SSL write to #{name}" }

  353. 					raise TLSTimeout.new(@ip, @port) unless IO.select nil, [ssl_socket], nil, TLS_TIMEOUT

  354. 					retry

  355. 				rescue ::OpenSSL::SSL::SSLError => e

  356. 					case e.message

  357. 						when /state=SSLv2 read server hello A$/,

  358. 								/state=SSLv3 read server hello A$/,

  359. 								/state=SSLv3 read server hello A: wrong version number$/,

  360. 								/state=SSLv3 read server hello A: tlsv1 alert protocol version$/,

  361. 								/state=SSLv3 read server key exchange A: sslv3 alert handshake failure$/

  362. 							raise MethodNotAvailable, e

  363. 						when /state=SSLv2 read server hello A: peer error no cipher$/,

  364. 								/state=error: no ciphers available$/,

  365. 								/state=SSLv3 read server hello A: sslv3 alert handshake failure$/,

  366. 								/state=error: missing export tmp dh key$/,

  367. 								/state=error: wrong curve$/

  368. 							raise CipherNotAvailable, e

  369. 						when /state=SSLv3 read server hello A: tlsv1 alert inappropriate fallback$/

  370. 							raise InappropriateFallback, e

  371. 					end

  372. 					raise

  373. 				rescue ::SystemCallError => e

  374. 					case e.message

  375. 						when /^Connection reset by peer - SSL_connect$/

  376. 							raise TLSNotAvailableException, e

  377. 					end

  378. 					raise

  379. 				ensure

  380. 					ssl_socket.close

  381. 				end

  382. 			end

  383. 

  384. 			def ssl_client(method, ciphers = nil, curves: nil, fallback: false, &block)

  385. 				ssl_context = ::OpenSSL::SSL::SSLContext.new method.to_sym

  386. 				ssl_context.enable_fallback_scsv if fallback

  387. 

  388. 				if ciphers

  389. 					ciphers = [ciphers] unless ciphers.is_a? Enumerable

  390. 					ciphers = ciphers.collect(&:name).join ':'

  391. 				else

  392. 					ciphers = Cipher::ALL

  393. 				end

  394. 				ssl_context.ciphers = ciphers

  395. 

  396. 				if curves

  397. 					curves                  = [curves] unless curves.is_a? Enumerable

  398. 					# OpenSSL fails if the same curve is selected multiple times

  399. 					# So because Array#uniq preserves order, remove the less prefered ones

  400. 					curves                  = curves.collect(&:name).uniq.join ':'

  401. 					ssl_context.ecdh_curves = curves

  402. 				end

  403. 

  404. 				Logger.trace { "Try method=#{method} / ciphers=#{ciphers} / curves=#{curves} / scsv=#{fallback}" }

  405. 				begin

  406. 					connect do |socket|

  407. 						ssl_connect socket, ssl_context, method do |ssl_socket|

  408. 							return block_given? ? block.call(ssl_socket) : ssl_socket

  409. 						end

  410. 					end

  411. 				rescue => e

  412. 					Logger.trace { "Error occurs : #{e}" }

  413. 					raise

  414. 				end

  415. 			end

  416. 

  417. 			def verify_certs

  418. 				Logger.info { '' }

  419. 				Logger.info { 'Certificates' }

  420. 

  421. 				# Let's begin the fun

  422. 				# First, collect "standard" connections

  423. 				# { method => { cipher => connection, ... }, ... }

  424. 				certs  = @supported_ciphers.values.collect(&:values).flatten 1

  425. 				# Then, collect "ecdsa" connections

  426. 				# { curve => connection, ... }

  427. 				certs  += @ecdsa_certs.values

  428. 				# For anonymous cipher, there is no certificate at all

  429. 				certs  = certs.reject { |c| c.peer_cert.nil? }

  430. 				# Then, fetch cert

  431. 				certs  = certs.collect { |c| Cert.new c }

  432. 				# Then, filter cert to keep uniq fingerprint

  433. 				@certs = certs.uniq { |c| c.fingerprint }

  434. 

  435. 				@trusted = @valid = true

  436. 				@certs.each do |cert|

  437. 					key      = cert.key

  438. 					identity = cert.valid?(@hostname || @ip)

  439. 					trust    = cert.trusted?

  440. 					Logger.info { "  Certificate #{cert.subject} [#{cert.serial}] issued by #{cert.issuer}" }

  441. 					Logger.info { '    Key : ' + Tls.key_to_s(key) }

  442. 					if identity

  443. 						Logger.info { '    Identity : ' + 'valid'.colorize(:good) }

  444. 					else

  445. 						Logger.info { '    Identity : ' + 'invalid'.colorize(:error) }

  446. 						@valid = false

  447. 					end

  448. 					if trust == :trusted

  449. 						Logger.info { '    Trust : ' + 'trusted'.colorize(:good) }

  450. 					else

  451. 						Logger.info { '    Trust : ' + 'untrusted'.colorize(:error) + ' - ' + trust }

  452. 						@trusted = false

  453. 					end

  454. 				end

  455. 				@keys = @certs.collect &:key

  456. 			end

  457. 

  458. 			def uniq_dh

  459. 				dh, find = [], []

  460. 				@dh.each do |k|

  461. 					f = [k.type, k.size]

  462. 					unless find.include? f

  463. 						dh << k

  464. 						find << f

  465. 					end

  466. 				end

  467. 				@dh = dh

  468. 			end

  469. 

  470. 			private

  471. 			def uniq_supported_ciphers

  472. 				@supported_ciphers.values.collect(&:keys).flatten.uniq

  473. 			end

  474. 		end

  475. 	end

  476. end